TOR Tor Weekly News — July 2nd, 2015

Welcome to the twenty-sixth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.Tor Messenger Third Alpha is out

Sukhbir Singh and Arlo Breault put out a third alpha version of Tor Messenger, the Instantbird-based instant messaging client with Tor and Off-the-Record encryption enabled by default.

This release comes with packages for Windows and Mac OS X, as well as 32-bit and 64-bit Linux. Major improvements include the ability to create XMPP accounts in-band (that is, by logging in with the desired account credentials, if the chat server supports this), meaning that users no longer have to create their accounts beforehand over a non-Tor connection; usability improvements to the Off-the-Record extension; an installable Arabic language pack, courtesy of Sherief Alaa (with more languages to follow); and other network- and application-related enhancements.

However, this is still an alpha release: “there may be serious privacy leaks and other issues”, so “please DO NOT recommend Tor Messenger to end users” just yet. If you’d like to test the software out, please see Sukhbir’s announcement for download links and installation instructions, then submit your feedback on Tor’s bug tracker with the “Tor Messenger” component, or on the tor-dev mailing list or IRC channel.

OnionBalance 0.0.1 is out

Donncha O’Cearbhaill, one of the students participating in the first-ever Tor Summer of Privacy, released the first alpha version of his OnionBalance tool. OnionBalance “provides load-balancing and redundancy for Tor hidden services by distributing client requests to multiple backend Tor instances”; if you run an onion service that handles a large number of client requests, or require automatic failover in the event that some of your hardware fails or is seized, OnionBalance will help to distribute the load evenly and efficiently.

The tool is currently under heavy development, and “there are likely bugs which cause the OnionBalance service to crash or not operate correctly”. “I would very much appreciate any feedback or bug reports. In particular I would like to improve the documentation and make the tool easier for operators to install and run”, writes Donncha. Please see the release announcement for further information and installation instructions.

We’re always grateful for help and suggestions; if you’d like to get involved, see the information below for more details. Many thanks to everyone who has helped to write and proofread this newsletter over the past two years.

Monthly status reports for June 2015

The wave of regular monthly reports from Tor project members for the month of June has begun. Damian Johnson released his report first (with an update on Nyx development), followed by reports from Karsten Loesing (on project management and Tor network tools), Jacob Appelbaum (on outreach and advocacy), David Goulet (on onion service development), and Pearl Crescent (on development of Tor Browser and related software).

Griffin Boyce offered an update on the development status of Stormy, the one-click onion service setup tool: “Right now, the scripts are undergoing third-party testing to identify any obvious bugs before sending them to security auditors”.

Chloe posted details of an experiment to detect malicious Tor relays that might be stealing usernames and passwords that are not protected by HTTPS connections.

Juha Nurmi warned that an attacker is creating fake onion addresses that resemble those of popular onion services, including ahmia.fi, and using them to interfere with the content of onion pages as clients request them. Another update gives more information about the details of the attack.

This issue of Tor Weekly News has been assembled by Harmony.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!